Report - qetyhyg.com/login.php0w

Report Overview

Visited public
2025-05-11 04:24:04
Tags
URL
qetyhyg.com/login.php0w
Finishing URL
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
IP / ASN
64.225.91.73
#14061 DIGITALOCEAN-ASN
Title
kelkoogroup.net

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
domaincntrol.com	274993	2017-03-03	2018-01-06	2025-05-05	467 B	770 B	104.18.27.45
xml.sedodna.com	278378	2009-12-21	2020-10-22	2025-05-03	540 B	211 B	173.239.53.32
qetyhyg.com	unknown	2022-06-10	2018-06-04	2025-05-08	931 B	1.7 kB	64.225.91.73
nicom-twd.com	unknown	2025-05-05	2025-05-09	2025-05-09	3.3 kB	249 kB	0.0.0.0
ct.captcha-delivery.com	42546	2019-12-23	2020-02-05	2025-05-11	422 B	14 kB	54.240.174.114
no-go.kelkoogroup.net	unknown	2017-08-18	2017-10-30	2025-05-07	3.7 kB	3.2 kB	95.211.116.26
geo.captcha-delivery.com	43337	2019-12-23	2020-03-18	2025-05-11	1.9 kB	550 kB	13.50.6.43
ww2.qetyhyg.com	unknown	2022-06-10	2023-03-08	2025-05-05	4.8 kB	5.6 kB	64.190.63.136
q1.quotes.com	unknown	1997-05-20	2022-09-19	2025-05-04	952 B	331 B	0.0.0.0
static.captcha-delivery.com	38537	2019-12-23	2020-05-12	2025-05-07	1.5 kB	22 kB	54.240.174.108

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed
2025-05-11	medium	qetyhyg.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	qetyhyg.com/login.php0w	ScriptElement	450 B	2025-03-03	2025-05-19
Pretty URL qetyhyg.com/login.php0w IP 64.225.91.73 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 18:21 Last Seen2025-05-19 20:44 Times Seen95 Hash 3432aec863794452fa10c92c84dadccb db3e583ad642974bdb201861394571c9e84a8988 037741f7a74ec2adccea4eb9c39d7421eb37638ece22a35a21730116d3a37131 Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav	ScriptElement	232 kB	2025-05-11	2025-05-11
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash 97c7a9cdb9abd2c7ffb9ba54c54d6945 0a0c032bffd27a0d7d8a98b138e3f7c3f5261a6d 4ed1569be4132037e7e4a6696d4b46f5b7944cdbf4f81070d09d8c0494e2a6ee Loading...

	ww2.qetyhyg.com/	ScriptElement	1.9 kB	2025-05-11	2025-05-11
Pretty URL ww2.qetyhyg.com/ IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash 4e68abe0ea4d1a6935846ead19b534d9 599240ddcfa3f4e440e452f432204f7294981cb3 14d076b1e614edfa36348cb519b8746d96bece77c226495d38ac0a8882f289b9 Loading...

	nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381	ScriptElement	2.8 kB	2025-05-11	2025-05-11
Pretty URL nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash 4e18d0720de5855ba84fec65f7b4e21d 52cdf719ff60b56ef39295436f5cc83cad6ff0e7 38338d41b96375095f9adabf8480c5c8106cf7fa3f04fc79191f75397f41b4bc Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav	ScriptElement	9.9 kB	2025-05-11	2025-05-11
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash 1be630f9051c21552fa7cc3da271de08 99b6315a531c555fb62bc5987660fc0e5079e44f 193c46564118c52642e3e247f2c7a527846b5a7fe61e5dac59798e87152d1e34 Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav	ScriptElement	1.4 kB	2025-05-11	2025-05-11
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash b547e0f95ea9bb81a6a390603f7c8982 d606678979175ec9e8bd5bcee81b4a5ef859e932 b9b9cc9f2460fc6e23bf1f23758be171bf984170d2e4fdc4122c41844a86e74f Loading...

	no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false	ScriptElement	370 B	2025-05-11	2025-05-11
Pretty URL no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash 47f71b5e7ea2a8316c0bd43279cb20c8 5f01d8f8dc2d2f4f5d7c87ce9ed183f06607ef28 3166025f5dc69ffcd8233d05a3a19ca0c92a73dfd99d929d380c29d57bfce965 Loading...

	ct.captcha-delivery.com/i.js	ScriptElement	13 kB	2025-02-18	2025-05-19
Pretty URL ct.captcha-delivery.com/i.js IP 54.240.174.114 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-18 06:11 Last Seen2025-05-19 23:11 Times Seen272 Hash c289d6c8b0e743fd024d52618d546f20 cd29405db7518c6943bacc943ac35c3d314ac722 8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc Loading...

	geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd	ScriptElement	547 kB	2025-05-11	2025-05-11
Pretty URL geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd IP 13.50.6.43 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-11 04:24 Last Seen2025-05-11 04:24 Times Seen1 Hash d8ff974a60c4fa33007041630f16fb46 9c6d4966d6971130b3d8a59a4aa0b75c1d32dd21 73c9a68d59b32e4a495576a66ca26dd72f489a234d4a4b82e4c9e5bab1f1e781 Loading...

HTTP Transactions (23)

URL IP Response Size

qetyhyg.com/login.php0w

64.225.91.73

200 OK

593 B

URL User Request GET
qetyhyg.com/login.php0w
IP
64.225.91.73:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectqetyhyg.com
FingerprintF0:8A:4A:44:6B:42:A4:F0:80:EF:84:94:9C:8C:60:80:38:79:AF:E0
ValidityFri, 11 Apr 2025 23:57:20 GMT - Thu, 10 Jul 2025 23:57:19 GMT

File type
HTML document, ASCII text
Size
593 B (593 bytes)
Hash
3b03d93d3487806337b5c6443ce7a62d
93a7a790bb6348606cbdaf5daeaaf4ea8cf731d0
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.php0w HTTP/1.1
Host: qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 11 May 2025 04:23:33 GMT
Content-Type: text/html
Last-Modified: Wed, 22 Feb 2023 21:25:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63f68860-251"
Content-Encoding: gzip

nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

0.0.0.0

0 B

URL User Request GET
nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: nicom-twd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

nicom-twd.com/favicon.ico

54.146.90.40

404

82 B

URL GET
nicom-twd.com/favicon.ico
IP
54.146.90.40:80
ASN
#14618 AMAZON-AES

Requested by
http://nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

File type
JSON text data
Size
82 B (82 bytes)
Hash
63518ed22fe747179ddfaf547c2a938f
8018fe580669d74fa8a615eee6faa7c7d33580bb
02a67a30e8a616d21681628c35cc815d473889e1692a5b526a76993201805ea1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: nicom-twd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Sun, 11 May 2025 04:23:58 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive

ww2.qetyhyg.com/search/tsc.php?ses=ogc9jc56vYNWhdmwPipfpIkuxtDBO2DuTh5wfVKau-LXBaJKZGAJRqQ0kEcbMVyNeVmGn2grx8tszdsMTASOvhGeU84jAyhQsbtyXRxxxdou8GxR8LqektiCUPZoym-DnL2iEI0wXcJjGLWErXu_0m83b4XwcPpUq9NE0cUTxUwJpwelBtLStEyxbigPgzv9we8m_bI-TWanXHHbbqnglxnx2xQAecJ-zWp6OcgYpxUMAzXdtYk4Ibr7oQz-NRIwy23jufl0oSKtcSsxya51mI_hBaVCisK2oLpvQ7SKxtdEqqsbZJq495HGpA6gZEBVQ61saX6pCEN6A3QxiIgc5oCzkmppQatBk-0CB-eiLCSj2gt_NelMCZijW6nnw&cv=2

64.190.63.136

200 OK

0 B

URL GET
ww2.qetyhyg.com/search/tsc.php?ses=ogc9jc56vYNWhdmwPipfpIkuxtDBO2DuTh5wfVKau-LXBaJKZGAJRqQ0kEcbMVyNeVmGn2grx8tszdsMTASOvhGeU84jAyhQsbtyXRxxxdou8GxR8LqektiCUPZoym-DnL2iEI0wXcJjGLWErXu_0m83b4XwcPpUq9NE0cUTxUwJpwelBtLStEyxbigPgzv9we8m_bI-TWanXHHbbqnglxnx2xQAecJ-zWp6OcgYpxUMAzXdtYk4Ibr7oQz-NRIwy23jufl0oSKtcSsxya51mI_hBaVCisK2oLpvQ7SKxtdEqqsbZJq495HGpA6gZEBVQ61saX6pCEN6A3QxiIgc5oCzkmppQatBk-0CB-eiLCSj2gt_NelMCZijW6nnw&cv=2
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Requested by
https://ww2.qetyhyg.com/
Certificate
IssuerDigiCert Inc
Subjectww2.qetyhyg.com
Fingerprint63:C2:A4:86:24:F0:82:D8:08:7C:7A:BD:9A:99:D3:D8:E3:CA:3B:26
ValidityFri, 09 May 2025 00:00:00 GMT - Fri, 08 May 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tsc.php?ses=ogc9jc56vYNWhdmwPipfpIkuxtDBO2DuTh5wfVKau-LXBaJKZGAJRqQ0kEcbMVyNeVmGn2grx8tszdsMTASOvhGeU84jAyhQsbtyXRxxxdou8GxR8LqektiCUPZoym-DnL2iEI0wXcJjGLWErXu_0m83b4XwcPpUq9NE0cUTxUwJpwelBtLStEyxbigPgzv9we8m_bI-TWanXHHbbqnglxnx2xQAecJ-zWp6OcgYpxUMAzXdtYk4Ibr7oQz-NRIwy23jufl0oSKtcSsxya51mI_hBaVCisK2oLpvQ7SKxtdEqqsbZJq495HGpA6gZEBVQ61saX6pCEN6A3QxiIgc5oCzkmppQatBk-0CB-eiLCSj2gt_NelMCZijW6nnw&cv=2 HTTP/1.1
Host: ww2.qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.qetyhyg.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 11 May 2025 04:23:36 GMT
server: Parking/1.0
x-cache-miss-from: parking-5b56c79c57-vppsw
content-length: 0
X-Firefox-Spdy: h2

q1.quotes.com/b3f120be-2e1f-11f0-a1e9-7b5750209bc7

0.0.0.0

0 B

URL User Request GET
q1.quotes.com/b3f120be-2e1f-11f0-a1e9-7b5750209bc7
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b3f120be-2e1f-11f0-a1e9-7b5750209bc7 HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

ct.captcha-delivery.com/i.js

54.240.174.114

200 OK

13 kB

URL GET
ct.captcha-delivery.com/i.js
IP
54.240.174.114:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
13 kB (12996 bytes)
Hash
c289d6c8b0e743fd024d52618d546f20
cd29405db7518c6943bacc943ac35c3d314ac722
8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc

HTTP Headers

GET /i.js HTTP/1.1
Host: ct.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
content-length: 12996
date: Sat, 10 May 2025 06:17:29 GMT
last-modified: Mon, 17 Feb 2025 09:53:49 GMT
etag: "c289d6c8b0e743fd024d52618d546f20"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Bjz_2C1mpLtMb7Fwo5uvPnFzqg8J9psYsgtqLpXsZvP3fd9IZ-Pftw==
age: 79593
X-Firefox-Spdy: h2

static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css

54.240.174.108

200 OK

3.7 kB

URL GET
static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css
IP
54.240.174.108:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
3.7 kB (3683 bytes)
Hash
d24f433ae1916185b0e4e20ed76cb64b
e0c8d4c58b7d0983f9b4042bea94c014cd5ec668
f40a7b02a8a2d420aa9d4cb5b0b26a92468828984fdc4b0d1202de4e24f59859

HTTP Headers

GET /captcha/assets/tpl/device-check/index.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
date: Sun, 11 May 2025 01:19:20 GMT
last-modified: Thu, 08 Feb 2024 08:41:29 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
etag: W/"d24f433ae1916185b0e4e20ed76cb64b"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IqPCuyr-CssDt8fCBHSuJNA-NvXtJcVpUkOta2BnqVZqBWKSk9gHSA==
age: 11082
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/font-face.css

54.240.174.108

200 OK

519 B

URL GET
static.captcha-delivery.com/common/fonts/roboto/font-face.css
IP
54.240.174.108:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
519 B (519 bytes)
Hash
e4f77074c0ffbfab377011e19283eb13
9160259165ca1ef84209d4dd675c3ed367babff1
66599c34190f7a6a402b38664a30a9b564fc22510f51fa3c5f027fb91e7a0e51

HTTP Headers

GET /common/fonts/roboto/font-face.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 519
date: Sun, 11 May 2025 00:51:43 GMT
last-modified: Fri, 19 Jul 2024 12:42:09 GMT
etag: "e4f77074c0ffbfab377011e19283eb13"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: PjrOfx66kFWMc1zgj1BeGBiWdWmqkYyq3m6LV9Gus1XWBkCfN8454g==
age: 12739
X-Firefox-Spdy: h2

ww2.qetyhyg.com/

64.190.63.136

200 OK

2.9 kB

URL User Request GET
ww2.qetyhyg.com/
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.qetyhyg.com
Fingerprint63:C2:A4:86:24:F0:82:D8:08:7C:7A:BD:9A:99:D3:D8:E3:CA:3B:26
ValidityFri, 09 May 2025 00:00:00 GMT - Fri, 08 May 2026 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1149)
Size
2.9 kB (2854 bytes)
Hash
5b2a8d24aa509712c8554cc0c3f2f436
cf57453f4c5a9573de1f7bc450e690518605331a
3c58215b3a637a2a8861d664e06e7df3c790ae750c74494874ab433e610f8e0e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww2.qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 11 May 2025 04:23:35 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 11 May 2025 04:23:34 GMT
pragma: no-cache
server: Parking/1.0
vary: Accept-Encoding
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_YTkHZqcB4mkOs+AHRFTlMy61L6QSLHWUEklgoEMWfl+ksshdU4seq0RQvkC2RZXn38y1F1xtHxLEflfQY7B/Og==
x-cache-miss-from: parking-5b56c79c57-2mqqr
X-Firefox-Spdy: h2

ww2.qetyhyg.com/img.sedoparking.com/images/js_preloader.gif

64.190.63.136

441 No Reason Phrase

0 B

URL GET
ww2.qetyhyg.com/img.sedoparking.com/images/js_preloader.gif
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Requested by
https://ww2.qetyhyg.com/
Certificate
IssuerDigiCert Inc
Subjectww2.qetyhyg.com
Fingerprint63:C2:A4:86:24:F0:82:D8:08:7C:7A:BD:9A:99:D3:D8:E3:CA:3B:26
ValidityFri, 09 May 2025 00:00:00 GMT - Fri, 08 May 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img.sedoparking.com/images/js_preloader.gif HTTP/1.1
Host: ww2.qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.qetyhyg.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 441 No Reason Phrase
date: Sun, 11 May 2025 04:23:36 GMT
server: Parking/1.0
content-length: 0
X-Firefox-Spdy: h2

ww2.qetyhyg.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA

64.190.63.136

302 Found

0 B

URL User Request GET
ww2.qetyhyg.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.qetyhyg.com
Fingerprint63:C2:A4:86:24:F0:82:D8:08:7C:7A:BD:9A:99:D3:D8:E3:CA:3B:26
ValidityFri, 09 May 2025 00:00:00 GMT - Fri, 08 May 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA HTTP/1.1
Host: ww2.qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.qetyhyg.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Sun, 11 May 2025 04:23:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 11 May 2025 04:23:36 GMT
location: /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA
pragma: no-cache
server: Parking/1.0
x-cache-miss-from: parking-5b56c79c57-x57kt
content-length: 0
X-Firefox-Spdy: h2

ww2.qetyhyg.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA

64.190.63.136

302 Found

0 B

URL User Request GET
ww2.qetyhyg.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.qetyhyg.com
Fingerprint63:C2:A4:86:24:F0:82:D8:08:7C:7A:BD:9A:99:D3:D8:E3:CA:3B:26
ValidityFri, 09 May 2025 00:00:00 GMT - Fri, 08 May 2026 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DyetSsOlLoi8_0&v=NzNjZDRjNWQ4Y2E3Mzg1NDU0ZDRjYjcwMWZiZDc4N2EJMQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MDk4OC4xNTAwNDczOQl3dzIucWV0eWh5Zy5jb202ODIwMjY0NjY5MTViNC40MTgyMTM5MAkxNzQ2OTM3NDE1CWFkXzYzXzA%3D&l=ogcAluK1cw3apP624uttxItIdPu97Wb6h5QZYFKeHzt8vwieChyCjvpfZzQIwyOdnwo3hoe8i4g6x90-Tze9d2-g2EtOCOMYwfOCLR_cceGew5UZOrNhIGXhB59t6lRz0WMPKQPGwzLt-hdI-GOYdU13WM217flgc8ttsClLL_A00bG8S7R8Mgg5OzErt0nHs2NVAszC5FGdXxkOxKEGlrnHrqc7gMOS_f1kT9X6N2oKEdbOYGkprhwqVcXFs9D_J273ro_15vX2bCmF-g3qO9jgGO8wQfdK_EWQJ8kcA6Rj1AmjXorgUWsYDQuc6Xn7fHj4ORKTApkL0RPQd1ivHC4JF8rMxxY8tiSOO-Vn_zc5TEiLMJj7FVd_6q3gOl7xXFbHSh95MYAOH6ZmqjOYiRuZ1l0KhXoIvCvIlUWRwbaTxR5AijD4A1H6a2wZUk0vTqaW_ArUWbUNa14flhDxQBbSCGdsIN5Rc2P7mUtO0FqJeDOZdW_BYi0J36_Uqs2O-7naHjBM_8PPqFCI1WF2YD9AgDLMJT-oNvQE6sDAxOCSGAn82gPqvzZFT6wOrVRXCh8ZV9Gi7XVx6BSWg5_Yl6TMzFgn1eq8Kq4ubPtQIdxr_fkwF-H2HO4jkQ7cAUx0_sWT5Oyisk4Gx5tVykto4o89ilk3gc9s51CXLiyx1gyNZcoMbgyvvdoqwZq9Qexai6VXh68kA HTTP/1.1
Host: ww2.qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww2.qetyhyg.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Sun, 11 May 2025 04:23:36 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 11 May 2025 04:23:36 GMT
location: https://xml.sedodna.com/click?i=yetSsOlLoi8_0
pragma: no-cache
server: Parking/1.0
x-cache-miss-from: parking-5b56c79c57-2mqqr
X-Firefox-Spdy: h2

no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false

95.211.116.26

403 Forbidden

744 B

URL User Request GET
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (744), with no line terminators
Size
744 B (744 bytes)
Hash
69c2a63d55b81c2c630198496021ff61
d9ccbb6a9fb787ae747098431add90b41a109e3c
d8c6b81019aeae8bc478cf6a15b9468d5ee862f7d154582b6a2d1c7b99df0a10

HTTP Headers

GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1746934994429&.sig=FY98yc2FEuLu6T365evulv.vq0A-&affiliationId=96984280&comId=6995723&country=no&offerId=f5ad097ea6542e2245e6e17b1f0a9825&service=37&tokenId=b19b42ff-d27e-4a5f-bbcc-4be2da9cd0f1&wait=true&custom1=5pyasX23qUVB&publisherClickId=5pyasX23qUVB&custom2=a4otlcrav&publisherSubId=a4otlcrav
DNT: 1
Connection: keep-alive
Cookie: datadome=cvjR_Bn7c2uePh~~OgiNbFfnRZgWrpNuyEH6GuWbBYbL7mhVN_jXSz~EAwLuQ~UNiOGsLTdtl5dXGxsvSPbrvZ~WTrrCP_S2Q5BGixd04MlQMw5xSS4~Q~pSu8Sq1FGs; kelkooID=a4c6293-196bd95ea1b-205b62
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Pragma: no-cache
X-DD-B: 3
Charset: utf-8
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd; Max-Age=31104000; Expires=Wed, 06 May 2026 04:24:01 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.014555409S
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
X-DataDome-CID: AHrlqAAAAAMAncaLVowMRjcAW1oqmg==
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sun, 11 May 2025 04:24:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 744

no-go.kelkoogroup.net/favicon.ico

95.211.116.26

404 Not Found

1.1 kB

URL GET
no-go.kelkoogroup.net/favicon.ico
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.1 kB (1144 bytes)
Hash
8560de521c4990c7c870121fc9643508
0cacf7a6b96cceeb6ceae74d5f14dc87406a6f39
73a434285c3a752bc8c44aebd50e10f1a766853cbc7184e78d5c934c7b52b620

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
DNT: 1
Connection: keep-alive
Cookie: datadome=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd; kelkooID=a4c6293-196bd95ea1b-205b62
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Request-Time: PT0.000285569S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
X-Permitted-Cross-Domain-Policies: master-only
Date: Sun, 11 May 2025 04:24:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1144

domaincntrol.com/?orighost=https://qetyhyg.com/login.php0w

104.18.27.45

200 OK

24 B

URL GET
domaincntrol.com/?orighost=https://qetyhyg.com/login.php0w
IP
104.18.27.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://qetyhyg.com/login.php0w
Certificate
IssuerGoogle Trust Services
Subjectdomaincntrol.com
FingerprintF5:14:9D:E9:4D:BC:60:0D:43:AF:93:8A:61:99:A7:4D:22:06:C5:40
ValidityMon, 17 Mar 2025 15:50:25 GMT - Sun, 15 Jun 2025 16:49:59 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
daa2ca1aab2d1b57760492d5a647af92
21aa3c4809654d88d1eeac6a8e550a8dbcd3e240
1f34327dc0ab513263661fdc2ff50d55bc7acc731899e0f03900b4f91d36d8d1

HTTP Headers

GET /?orighost=https://qetyhyg.com/login.php0w HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qetyhyg.com/
Origin: https://qetyhyg.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 11 May 2025 04:23:34 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24
access-control-allow-origin: *
x_details: {"destination":"sedo","orighost":"qetyhyg.com","type":"org","finalurl":"http://ww2.qetyhyg.com","browser":"firefox","os":"windows","country":"NO","device":"desktop","isbot":false,"botscore":97}
set-cookie: __cf_bm=Z7KU8dPbnSnyNjJoX0fOwYZ3NqygTipAw_dIft1Lsb0-1746937414-1.0.1.1-69QKFaBEeGIfOUo9EqmVJ1eHHNLuHGYk7K_jj5KP11DO9eRCr3bDCgrCwEoPjRGxe3lWjLpaSGLleiZ1VMPNu1G4wKuWYI_OPfTXuqGn3MU; path=/; expires=Sun, 11-May-25 04:53:34 GMT; domain=.domaincntrol.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 93dee6d4aa0c5693-OSL
X-Firefox-Spdy: h2

xml.sedodna.com/click?i=yetSsOlLoi8_0

173.239.53.32

302 Found

0 B

URL User Request GET
xml.sedodna.com/click?i=yetSsOlLoi8_0
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerGlobalSign nv-sa
Subject*.sedodna.com
Fingerprint06:84:DD:97:12:C4:0C:48:8D:4F:DE:37:A8:9D:09:15:EA:BF:32:23
ValidityTue, 22 Apr 2025 11:36:56 GMT - Sun, 24 May 2026 11:36:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=yetSsOlLoi8_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww2.qetyhyg.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 11 May 2025 04:23:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://q1.quotes.com/b3f120be-2e1f-11f0-a1e9-7b5750209bc7

q1.quotes.com/b3f120be-2e1f-11f0-a1e9-7b5750209bc7

5.79.68.236

302 Found

0 B

URL User Request GET
q1.quotes.com/b3f120be-2e1f-11f0-a1e9-7b5750209bc7
IP
5.79.68.236:80
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /b3f120be-2e1f-11f0-a1e9-7b5750209bc7 HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 11 May 2025 04:23:56 GMT
location: http://nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
server: nginx

nicom-twd.com/zclkredirect?visitid=b3ffb930-2e1f-11f0-be0b-0afff4ac6043&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC

0.0.0.0

0 B

URL User Request GET
nicom-twd.com/zclkredirect?visitid=b3ffb930-2e1f-11f0-be0b-0afff4ac6043&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=b3ffb930-2e1f-11f0-be0b-0afff4ac6043&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: nicom-twd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

54.240.174.108

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
54.240.174.108:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 11 May 2025 02:13:18 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vfcANVZYXYuGiB47QhDatA4pj81mgezrO7M5sMNDXZxj58cg-dWuDQ==
age: 8964
X-Firefox-Spdy: h2

qetyhyg.com/favicon.ico

64.225.91.73

200 OK

593 B

URL GET
qetyhyg.com/favicon.ico
IP
64.225.91.73:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://qetyhyg.com/login.php0w
Certificate
IssuerLet's Encrypt
Subjectqetyhyg.com
FingerprintF0:8A:4A:44:6B:42:A4:F0:80:EF:84:94:9C:8C:60:80:38:79:AF:E0
ValidityFri, 11 Apr 2025 23:57:20 GMT - Thu, 10 Jul 2025 23:57:19 GMT

File type
HTML document, ASCII text
Size
593 B (593 bytes)
Hash
3b03d93d3487806337b5c6443ce7a62d
93a7a790bb6348606cbdaf5daeaaf4ea8cf731d0
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: qetyhyg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://qetyhyg.com/login.php0w
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 11 May 2025 04:23:33 GMT
Content-Type: text/html
Last-Modified: Wed, 22 Feb 2023 21:25:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63f68860-251"
Content-Encoding: gzip

nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

54.146.90.40

200

3.1 kB

URL User Request GET
nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
54.146.90.40:80
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (408)
Size
3.1 kB (3086 bytes)
Hash
d42e6bcdda3077094f5de3bba15320fa
c34ccfa451d2808ed16aa8c6dc0683a07046a3dd
83a11c3541c0ce63f47219d509f7dbff68c81ab0fb7b5f11aeb3dad91f50ea68

HTTP Headers

GET /zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: nicom-twd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sun, 11 May 2025 04:23:58 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 3086
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type

54.146.90.40

302

245 kB

URL User Request GET
nicom-twd.com/zclkredirect?visitid=b3ffb930-2e1f-11f0-be0b-0afff4ac6043&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
54.146.90.40:80
ASN
#14618 AMAZON-AES

File type

Size
245 kB (245073 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=b3ffb930-2e1f-11f0-be0b-0afff4ac6043&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: nicom-twd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nicom-twd.com/zclkvisitor/b3ffb930-2e1f-11f0-be0b-0afff4ac6043/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 
Date: Sun, 11 May 2025 04:23:58 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Location: https://geotrkclknow.com/rot/CoXC1ug9UP3UrzbI?extid=zrb3ffb9302e1f11f0be0b0afff4ac6043ad26e738a123451aa03e5cc1e955ed8e090796e356ec70d5db&cost=0.005000&targid=lima-sip-kpp8n4p52j&sczp=badious-buzzard

geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd

13.50.6.43

200 OK

550 kB

URL GET
geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd
IP
13.50.6.43:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e&url=https%3A%2F%2Fwww.netonnet.no%2Fart%2Ftv%2F46-55%2Fandersson-qled5050uhd%2F1034787.11451%2F%3Fkk%3Da4c6293-196bd95ea1b-205b62%26utm_source%3Dkelkoo.no%26utm_medium%3Dcpc%26utm_campaign%3Dprospecting_conversion_kelkoo-prisjamforelse_no%26utm_source_platform%3DKelkooGroup&initiator=fp&dc=false
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (61855)
Size
550 kB (549948 bytes)
Hash
cacd79532e3f60260444f56432eff307
c4923dab8ae43c386fe348d30e12f228001a929e
f1f03708f6acf21476f661982f87128d06308618bbbb4e6ac0493cc43ec46e04

HTTP Headers

GET /interstitial/?initialCid=AHrlqAAAAAMAncaLVowMRjcAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=3UfKPhDYn4WQ2_q3LFxpyjSeWHYewWj5kozE37chXlIchV0VSXtnTj2sF_Sm8Ao41Iwt5E_4wM~5sIi7lk8XzCBlwwwy2Z1GvYu83VnmGwgNePa9qFSAG8EXSumbYVhd&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43799334e64879a30590f68d92483e3745948520a3e38829e7b2845f2edb8670120a28a6d753ac19def0339aa474fa6a1c99085afd4156550e3ee086e0580d0e949ba8a23d7957b89d22b9f0097a1fb9da6b2dadb8de3af3acb8ea64a1957a03fe54fcbcae9c4468ba838a6310f845134cbcf50f96dfed467fdd7169bbbde2ae28a9ea475147526a4b40f186869586de8089d2bb5d0e2374f61dabb17e045ef0d0bb049b072db1226a0636e7445092b776e67a5fa63e313fe3b8d81ba6c8b6b123682fa5f8591b66cd66cf01bdff3b6767296d6c56d7ea637b6eb257eb6beafb7f12052c5f183ccd347fc1dc24c7e37dbc79f21250d12e1e6e91d0e2c01013ac15da288369b010a9efff41b102987d98bf920fd7cc9feeff622c637e499010796764b74df6dae48ad7576d12e706847605e4ae942d2790c23083a7a1f4a127a347713ee198fe10be00e%26url%3Dhttps%253A%252F%252Fwww.netonnet.no%252Fart%252Ftv%252F46-55%252Fandersson-qled5050uhd%252F1034787.11451%252F%253Fkk%253Da4c6293-196bd95ea1b-205b62%2526utm_source%253Dkelkoo.no%2526utm_medium%253Dcpc%2526utm_campaign%253Dprospecting_conversion_kelkoo-prisjamforelse_no%2526utm_source_platform%253DKelkooGroup%26initiator%3Dfp%26dc%3Dfalse&s=35103&b=32286&dm=cd HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 11 May 2025 04:24:01 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (23)

URL User Request GET

IP

ASN

Certificate